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REMARKS 

Claims 1, 5, and 7 are currently pending in this application, as amended. Claims 
1 , 5 and 7 have been amended to more particularly point out and distinctly claim the subject 
matter the Applicants regard as the invention and to put them in better U.S. form. Claims 2-4 
and 6 have been canceled. The Specification has been amended to use proper idiomatic English 
and to clarify several portions of the disclosure as requested the Examiner. No new matter has 
been added by the Amendment to the Specification. No new matter has been added by the 
Amendment. 

Objections to the Specification 

The Specification has been objected to under 37 C.F.R. § 1 .71 as not being 
understandable in several parts. The Examiner points to several specific locations in the 
Specification which are not understandable. Further, the Examiner has indicated that a 
Substitute Specification in proper idiomatic English and in compliance with 37 C.F.R. § 1.52(a) 
and (b) is required. 

The Applicants have amended the Specification to include proper idiomatic 
English throughout and specifically to address the portions of the Specification pointed to by the 
Examiner as not being understandable. No new matter has been added to the Specification by 
the Amendments. Accordingly, the Applicants respectfully request that the objection to the 
Specification under 37 C.F.R. § 1.71 be withdrawn. 

Objections to the Drawings 

The Examiner has objected to the drawings under 37 C.F.R. § 1. 83(a) because the 
drawings must show every feature of the invention specified in the claims. The Examiner states 
that the test generating computer (TGC) for generating a test input in a test signal position bit, 
the trip algorithm computer (TAC) for receiving plant operating parameters via a plurality of 
measuring channels, the voting algorithm computer (VAC) for receiving trip signals from each 
of the plant operating parameters determined by said TAC, the pattern recognition computer 
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(PRC) for expecting a signal pattern from the state of the reactor must be shown or the features 
canceled from the claims. 

The present invention is directed to a method for testing operating of components 
of a reactor protection system including a TGC, TAC, VAC and PRC. These components are in 
a normal or conventional nuclear protection system that uses four independent channels to check 
operating parameters used in a nuclear power plant. Fig. 1 shows a schematic view of a digital 
online active test-plant protection system (DOAT-PPS) in accordance with the present invention 
showing one of the four channels. Fig. 2 compares a conventional dynamic safety system (DSS) 
having four channels to the DOAT-PPS of the present invention having four channels, and 
therefore, Fig. 2 shows that there are four channels and Fig. 1 shows details of one of the four 
like channels. The test generating computer (TGC) is numbered 110 in Fig. 1. The test 
algorithm computer (TAC) is numbered 120 in Fig. 1. The voting algorithm computer (VAC) is 
numbered 130 in Fig. 1. The pattern recognition computer (PRC) is numbered 140 in Fig. 1. 
The TGC 1 10 generates the test input based on software programming and communicates the 
signal to the TGC 1 10. The TGC 1 10 receives safety parameters as an input signal from an 
environment neutron flux monitoring system (ENFMS), a remote shutdown panel and core 
protection calculator system (CPCS) via an analog input module (AI) or a digital input module 
(DI). Those signals are indicated as "field" and "signal," respectively, at the TGC 1 10. 

Applicants have provided a new drawing sheet, Fig. 3, which depicts a 
conventional, prior art, four channel DSS as outlined in the third column of Fig. 2, in order to 
help clarify the conventional DSS in view of the Specification and original drawings. Such DSS 
systems are well known in the art. Therefore, adding Fig. 3 would not constitute new matter 
because the characteristics of the prior art DSS are set forth in Fig. 2 in conjunction with the 
elements described in the Specification that are not inventive in themselves (i.e., the TAC, VAC 
and four channels). 

An explanation of the function of the system with use of the drawings may be 
helpful in showing that the drawings support the claims, as amended. The TGC 1 10 generates a 
test input for self diagnosis, the test input being inserted between actual safety parameters as a 
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test parameter and a test signal position bit indicating a position information of the test input in 
memory of the TGC For example, it is assumed that there are five (5) safety parameters and a 
second safety parameter has to have a value which should not he beyond "50." The TGC sets the 
value to "60" and generates a test input including the modified second safety parameter. 

The TAC 120 receives the safety parameters through the TGC 1 10 from a 
plurality of measuring channels which are physically and electrically isolated from each other 
and then compares the safety parameter and predetermined limit values by the safety parameters, 
if there is a test input by the TGC 1 10. The TAC 120 contains a trip algorithm and the TAC 120 
determines the state of each of the safety parameters by comparing the safety parameters 
received from the TGC 1 10 with a predetermined limit value using the trip algorithm. In the 
example, the TAC 120 can find that the value of the second safety parameter is "trip." Assuming 
the normal state is "0," the TAC 120 outputs a signal indicating the second safety parameter is a 
"trip," e.g., "0, 1 , 0, 0, 0," where "1" is a "trip." Of course this operation is carried out on all 
four channels. 

The VAC 130 receives the trip state of each of the safety parameters determined 
by the TAC 120 in each of the channels, and determines a final state of each of the safety 
parameters and then outputs the result. For example, if the trip state of the safety parameter 
received from the four TACs 120 is "01000", "00100", "00100" and "01000", respectively, the 
VAC 130 determines that the state of the second safety parameter and third safety parameter are 
trip states "01100". 

The PRC 140 expects a signal pattern to be input from the VAC 130 by using the 
test signal position bit which is input through the VAC 130 from the TGC 1 10 and compares the 
signal pattern on a one to one basis, i.e., bit by bit or signal state by signal state, with the result 
determined by the VAC 130. If the signal pattern and the result are not consistent, the PRC 140 
determines that it should trip the reactor. 

Thus, the TGC 1 10, TAC 120, VAC 130 and PRC 140 are explicitly shown in 
Fig. 1. Fig. 1 depicts one channel of a plurality or of four channels. Fig. 2 explicitly indicates 
that there are four channels. New Fig. 3 shows a "prior art" DSS system which is improved by 
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the present invention. Accordingly, a plurality of measuring channels are shown in the figures. 
The test input and the test signal position bit are in software, but the test input can be from the 
field or signal line associated with the TGC 1 10. The TAC 120 receives safety parameters via a 
plurality of measuring channels. The TGC J 10, TAC 120, VAC 130 and PRC 140 are all also 
interconnected by communication modules (CM). The VAC 130 receives trip signals from each 
of the plant operating parameters determined by the TAC over the communication module CM. 
The PRC 140 compares signals received over the communication module CM with an expected 
signal pattern in memory. Accordingly, the objection to the drawings under 37 C.F.R. § 1.83(a) 
with respect to the TGC, TAC, VAC and PRC has been overcome and should be withdrawn. 

The Examiner has also objected to the drawings under 37 C.F.R. § 1 .83(a) 
because they fail to show four independent measuring channels (A, B, C, and D), because they 
fail to show the ENFMS, remote stop panel and CPCS input signals received by the TAC. 

As mentioned above, Fig. 1 shows one of the four independent measuring 
channels and Fig. 2 explicitly indicates that there are four measuring channels. New prior art 
Figure 3 is a conventional DSS system having the aforementioned four measuring channels. Fig. 
1 explicitly shows "field" and "signal" lines coming from the ENFMS, remote stop panel, and/or 
CPCS providing an input signal therefrom. Accordingly, the objection under 37 C.F.R. § 1.83(a) 
with respect to the four independent measuring channels and the signals from the ENFMS, 
remote stop panel and CPCS, has been overcome and should be withdrawn. 

The Examiner has also objected to the drawings under 37 C.F.R. § 1.84(p)(5) 
because they include reference signs not mentioned in the description including "P," "M," "C," 
"A," "D," "I" and "O." 

In the Substitute Specification, the Applicants have included a description of 
communication modules (CM), processor modules (PM), analog input modules (AI), digital 
input modules (DI) and digital output modules (DO). Since the elements and labels were shown 
in the original drawings and are commonly known components of conventional programmable 
logic controllers (PLCs), no new matter has been added by the description of these elements in 



10 



Application No. 09/777,108 
Reply to Office Action of March 14, 2003 



the Specification. Accordingly, the objection to the drawings under 37 C.F.R. § L84(p)(5) has 
been overcome by the amendment to the Specification and should be withdrawn. 

Claim Rejections Under 35 US.C. § 112 

Claims 1, 5 and 7 have been rejected under 35 U.S.C. § 112, first paragraph as 
containing subject matter which was not described in the Specification in such a way as to enable 
one skilled in the art to make and/or use the invention. Claims 1, 5 and 7 have been rejected 
under 35 U.S.C. § 112, second paragraph as being indefinite for failing to particular point out 
and distinctly claim the subject matter which the Applicant regards as the invention. 

In view of the foregoing amendment to the Specification and the claims, the 
Applicants respectfully submit that the rejections under 35 U.S.C. § 1 12, first and second 
paragraphs have been overcome for the reasons that follow. 

Claims 1, 5 and 7 in the Specification have been amended to include "a voting 
algorithm computer (VAC) for receiving a trip state of each of the safety parameters determined 
by the TAC in each of the channels . . . ." The Specification and the claims have also been 
amended to include that the voting algorithm computer "(determines) a final state of each of the 
safety parameters and outputs the result ." The PRC computer receives the input from the VAC 
by using the test signal position bit and " compares the signal pattern on a one to one basis with 
the result determined by the VAC and if the signal pattern and the result are not consistent the 
PRC determines to stop or trip the reactor ." 

Claims 1, 5 and 7 have also been amended to indicate that, inter alia, the test 
input is inserted between actual safety parameters as a test parameter and a test signal position bit 
indicates position information of the test input. 

Claims 1 , 5 and 7 have been amended to include, inter alia, expecting a signal 
pattern to be input from the VAC. 

Claim 1, 5 and 7 have been amended to include, inter alia, the VAC receiving "a 
trip state of each of the safety parameters determined by the TAC in each of the channels." 
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Accordingly, it is respectfully submitted that the rejections of claims 1, 5 and 7 
under 35 U.S.C. § 1 12, first and second paragraphs, has been effectively overcome and should be 
withdrawn. 

Claims 2-4 and 6 have been canceled, and therefore, the rejection under 
35 U.S.C. § 1 12 with respect to claims 2-4 and 6 has been effectively rendered moot. 

Claim Rejections Under 35 U.S.C. § 102(b) 

Claims 1, 5 and 7 have been rejected under 35 U.S.C. § 102(b) as being anticipated 
by U.S. Patent No. 4,804,515 (Crew et aL ), hereinafter, "Crew". It is the Examiner's position 
that Crew discloses a digital online active test-plant protection system in a nuclear power plant 
including a test generating computer, a trip algorithm computer, and a voting algorithm computer. 
The Examiner states that Crew also discloses a manual test computer for providing an input/output 
function by which an operator can monitor and control IS signals from the TGC, the TAC and the 
VAC, and a remote control module installed in a main control room for displaying the operating 
state of the system and for performing various functions necessary to monitor, test and maintain 
the system. 

Withdrawal of the rejection of claims 1, 5 and 7 is respectfully requested for at 
least the following reasons. 

Present Invention 

The present invention is directed to a digital online active test-plant protection 
system (DOAT-PPS) in a nuclear power plant. The DOAT-PPS includes a test generating 
computer (TGC) for generating a test input for self-diagnosis. The test input is inserted between 
actual safety parameters as a test parameter and a test signal position bit indicates position 
information of the test input. The DOAT-PPS also includes a trip algorithm computer (TAC) for 
receiving the safety parameters through the TGC from a plurality of measuring channels which are 
physically and electrically isolated from each other and then compares the safety parameters and 
predetermined limit values of the safety parameters to determine a trip state of the safety 
parameter, if there is a test input by the TGC. The DOAT-PPS also includes a voting algorithm 
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computer (VAC) for receiving a trip state of each of the safety parameters determined by the TAC 
in each of the channels, determining a final state of each of the safety parameters and then 
outputting the result. The DOAT-PPS further includes a pattern recognition computer (PRC) for 
expecting a signal pattern to be input from the VAC by using the test signal position bit which is 
input through the VAC from the TGC, comparing the signal pattern on a one to one basis with the 
result determined by the VAC and then if the signal pattern and the result are not consistent, 
determining to trip the reactor. 

Crew 

Crew discloses a distributed microprocessor based sensor signal processing system 
for a complex process, such as a pressurized water reactor nuclear power plant. Signals from 
redundant sensors located throughout a pressurized water reactor nuclear power plant are 
processed in four independent channel sets, each of which includes a plurality of independent 
microcomputers which calibrate, convert to engineering units and calculate partial trip settings 
and engineer safeguard actuation signals from the sensor signals for use in the conventional voting 
logic of a plant protection system. For example, a group of sensors 1, 3, 5 and 7 generate signals 
which are processed by associated signal processors 9, 11, 13 and 15, respectively. The sensors 1, 
3, 5 and 7 and associated signal processors 9, 1 1 , 13 and 15 form channel sets labeled 1-4. 
Processing of the sensor signals by the associated signal processor 9, 1 1, 13 and 15 of each 
channel set 1-4 includes a comparison of the value of the signal with a selected limiting value. If 
the limiting value is exceeded, a digital partial protection system actuation signal is generated. 
The partial actuation signal generated by each channel set 1-4 are each applied to identical logic 
trains 17 and 19 which individually generate protection system actuation signals based upon 
selected voting logic. If two out of four voting logic has been selected, two out of the 
corresponding four partial actuation signals must be present in order to generate the actuation 
signal. The protection system actuation signals include trip signals which open breakers 
supplying power to under voltage coils on the reactor rod control system to shut down the reactor. 

Patentability of Claim 1 

Claim 1, as amended, recites, inter alia: 
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a trip generating computer (TGC) for generating a test input for 
self-diagnosis, said test input being inserted between actual safety 
parameters as a test parameter and a test signal position bit 
indicating position information of the test input... 



a pattern recognition computer (PRC) for expecting a signal 
pattern to be input from the said VAC by using the test signal 
position bit which is input through the VAC from the TGC, 
comparing the signal pattern on a one to one basis with the result 
determined by the VAC, and then if the signal pattern and result 
are not consistent, determining to trip the reactor . 

Crew fails to disclose, teach or suggest a trip generating computer for generating a 
test input for self-diagnosis where the test input is inserted between actual safety parameters as a 
test parameter at a test signal position bit indicating position information of the test input. Further, 
Crew fails to disclose, teach or suggest a pattern recognition computer for expecting a signal 
pattern to be input from the voting algorithm computer by using the test signal position bit which 
is input through the voting algorithm computer from the test generating computer, comparing the 
signal pattern on a one to one basis with the result determined by the voting algorithm computer, 
and if the signal pattern and the result are not consistent, determining to trip the reactor . Crew 
discloses a system having independent signal processors which generate a different actuation 
signal for each channel which are then applied to two identical logic trains which individually 
generate protection system actuation signals based upon selected voting logic. 

A claim is anticipated under 35 U.S.C. § 102 only if each and every element as set 
forth in the claim is found expressly or inherently described in a single prior art reference. MPEP 
§ 2131. Further, the elements must be arranged as required in the claim. In re Bond , 910 F.2d 
831, 15 USPQ2d 1566 (Fed.Cir. 1990). Thus, in order to anticipate a claim, a single reference 
must teach each and every element of the claim and the elements of the reference must be 
arranged as required in the claim. 

As discussed above, Crew fails to disclose, teach or suggest that the test generating 
computer generates a test input for self diagnosis and the test input is inserted between actual 
safety parameters as a test parameter along with the test signal position bit indicating position 
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information of the test input, as also claimed in independent claim 1, as amended. Further, Crew 
fails to disclose, teach or suggest a pattern recognition computer which expects a signal pattern to 
be input from a voting algorithm computer by using the test signal position bit which is input 
through the voting algorithm computer from a test generating computer, as claimed in independent 
claim 1, as amended. It is therefore, respectfully submitted that claim 1 is not anticipated by 
Crew. Accordingly, it is respectfully requested that the rejection under 35 U.S.C. § 102(b) of 
claim 1, as amended should be withdrawn. 

Claims 3-4 

Claims 3-4 have been canceled and therefore, the rejections under 
35 U.S.C. § 1 12(b) with respect to claims 3-4 has been effectively rendered moot. 

Patentability of Claim 5 

Claim 5, as amended recites, inter alia: 

a first step of generating , in a test generating computer (TGC), a 
test input for self diagnosis, said test input being inserted between 
actual safety parameters as a test parameter and a test signal 
position bit indicating position information of the test input... 

a fourth step of expecting, in a pattern recognition computer 
(PRC), a signal pattern to be input from the VAC by using the test 
signal position bit which is input through the VAC from the TGC, 
comparing the signal pattern on a one to one basis with the result 
determined by said third step, and then if the signal pattern and the 
result are not consistent, determining to trip the reactor . 

As mentioned above with respect to claim 1, Crew fails to disclose, teach or 
suggest generating a test input for self diagnosis and that the t est input is inserted between actual 
safety parameters as a test parameter and a test signal position bit indicating position information 
of the test input. Further, Crew fails to disclose, teach or suggest expecting , in a pattern 
recognition computer (PRC), a signal pattern to be input from a voting algorithm computer by 
using the test signal position bit which is input through the voting algorithm computer from the 
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(test generating computer) TGC, comparing the signal pattern by a one to one basis with the 
result determined by (a step of receiving a trip state), and then if the trip signal pattern and the 
result are not consistent, determining to trip the reactor . Instead, Crew discloses partial actuation 
signals generated by each channel set that are applied at two identical logic trains which 
individually generate protection system actuation signals based upon selected voting logic. 
Accordingly, for all the reasons set forth above regarding claim 1 , Crew does not disclose each 
and every element or step of claim 5, as amended. Therefore, claim 5, as amended, is also not 
anticipated by Crew. Accordingly, it is respectfully requested the rejection under 35 U.S.C. 
§ 102(b) with respect to claim 5 should be withdrawn. 

Patentability of Claim 7 

Claim 7 is directed to a control program that includes nearly identical steps as set 
forth above with respect to claim 5. Accordingly, for all the reasons set forth above with respect 
to claim 5, claim 7 is also not anticipated by Crew. Accordingly, Applicants respectfully request 
that the rejection with respect to claim 7 under 35 U.S.C. § 102(b) should also be withdrawn. 

Claim Rejections Under 35 U.S.C. § 103(a) 

Claims 2-6 have been rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Crew and further in view of official notice. 

Claims 2 and 6 have been canceled, and therefore, the rejection under 
35 U.S.C. § 103(a) with respect to claims 2 and 6 has been effectively rendered moot. 
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CONCLUSION 

In view of the foregoing Amendment and Remarks, it is respectfully submitted 
that the present application, including claims 1 , 5 and 7, is in condition for allowance and such 
action is respectfully requested. 



Respectfully submitted, 



POON HYUN SEONG et al. 



Au^lsA- l4 ; 2D0Z 



(Date) 
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Registration No. 52,225 
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2005 Market Street, Suite 2200 
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Direct Dial: 215-965-1268 
Facsimile: 215-965-1210 
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DIGITAL ONLINE ACTIVE TEST PLANT PROTECTION SYSTEM IN A NUCLEAR 
POWER PLANT AND METHOD THEREOF 

TECHNICAL FIELD 
The invention relates generally to a protection system for nuclear power 
5 plant and method thereof. More particularly, the present invention relates to an improved 
digital s oftware based digital-based reactor protection system and an engineering 
engineered safety equipment operating features actuation system. 

BACKGROUND OF THE INVENTION 
A nuclear power plant is a system to which safety is very important in view 

1 0 of its characteristic characteristics . One of important roles system that must be played for 
the safety of the nuclear power plant is a reactor protection system. A An Instrument and 
Control (I&C) system including the reactor protection system is a system that serves as 
brains of humans in a nuclear power plant, which significantly affects its operation as well 
as safety of the entire nuclear power plant. Therefore, improvement in the performance of 

15 the I&C system such as the nuclear protection system and safety of reliability of a high 
level will provide significant effects to economic benefits and improved safety in the 
nuclear power plant. 

Most of a reactor protection system in a pressurized light-water nuclear 
power plant, now widely used in the domestic, is based on an analog circuit, which is 

20 composed of a process measuring system consisted consisting of a lot of analog circuit 
substrates and a solid state protection system (SSPS) made of hardware for performing 
LCL. 

The reactor protection system has several problems, which will be explained 

as follows. 

25 First, as it is based on an analog circuit, there is a problem in a circuit itself 

such as drift and worn-out of components. 

1 
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Second, it requires a periodic check for maintenance. As this check nearly 
entirely depends on manpower, however, there is a problem that a significant amount of 
cost and time is wasted- 
Third, there is a problem that the reactor is unnecessarily stopped during the 

5 check. 

Meanwhile, now only the reactor protection system itself is a system 
consisted of high value-added nuclear power plant safety-class equipments but also most of 
a rector for receiving signals and other constituent elements are a nuclear power plant 
safety-class equipments. As most of the nuclear power plant safety-class equipments 

1 0 equipment req u ire requires technology of a high level, a lot of cost for development and 
purchase are required. In particular, as the an l&C system depending that depends on a 
foreign technology additionally bears an engineering cost of 3 to 4 times to the cost for 
manufacturing the equipment, there is a great economic burden. As a concrete example, 
the plant control system (PCS) included in Gori 2th SSPS costs about 18 millions dollars. 

1 5 If this nuclear power plant I&C system is localized, the engineering cost as well as the 
manufacturing cost could be significantly reduced. Also, considering that the level of 
technology in which the nuclear power plant I&C system requires is significantly high, it 
could be expected that the level of the I&C system related industries could be increased 
accordingly. In this view, it is very meaningful to localize the reactor protection system 

20 that is the core in the nuclear power plant I&C system. 

In order to overcome these problems, it is necessary to develop a software 
based digital nuclear power plant protection system. 

Meanwhile, examining a digital plant protection system (DPPS), which has 
been developed in order to solve the above-mentioned problems, there has been proposed a 

25 passive test method in which an alert is issued by an interface & test processor if any 

problem occurred while continuously monitoring the bi stable process bistable processor 
and a LCL processor, and an active test method by which a specific channel is bypassed 
and a test signal is applied to compare an output signal and a feedback signal. 
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In the passive test method being an online test, the state of the system is 
continuously monitored. However, the active test method bypasses and then periodically 
performs a test, which could not continuously monitor the state of the system. 

As a result, as the system test in the conventional digital plant protection 
5 system monitors the state of respective channels and components, there is an advantage that 
relatively detailed information eft about the malfunction of specific components may be 
obtained. However, as it accordingly requires the software of higher complexity and the 
system test itself is passive, though the system stability could be continuously monitored in 
a normal state of operation, there is a problem that the stability in the stop trig state of the 
1 0 reactor could not be secured. 



SUMMARY OF THE INVENTION 
The present invention is contrived to solve the above problems and an object 
of the present invention is to provide an improved digital software-based reactor protection 
system and an engineering engineered safety equipment operating features actuation 

15 system, which can be applied to present nuclear power plants. 

In order to accomplish the above objects, a digital online active test - plant 
protection system (DOAT-PPS) in a nuclear power plant according to the present invention 
is characterized in that it comprises a test generating computer (TGC) for generating a test 
input for self-diagnosis, said test input being a command to initiate a test inserted between 

20 actual safety parameters as a test parameter and a test signal position bit indicating that said 
test input is currently generated at what position of the process parameters a position 
information of the test input ; a trip algorithm computer (TAC) for receiving plant operating 
the safety parameters through the TGC from via a plurality of measuring channels which 
are physically and electrically isolated from each other and then comparing the measured 

25 operating safety parameters and a predetermined limit values by the safety parameters to 
determine a trip state of the safety parameters , if there is a test input by said TGC; a voting 
algorithm computer (VAC) for receiving trip signals from state of each of the plant 
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operating safety parameters determined by said TAC in each of the channels , determining 
whether a reactor has to be stopped or not a final state of each of the safety parameters and 
then outputting a signal to stop the reactor the result ; and a pattern recognition computer — 
(PRC) for expecting a signal pattern from the state of the reactor to be input from the VAC 
5 by using the test signal position bit which is inputted through the VAC from the TGC , 
comparing the signal pattern on a one to one basis with the reactor trip sig n al generated 
result determined by said VAC, and then if the signal pattern and the reactor trip signal 
result are not consistent, determining to step trip the reactor. 

Further, a digital online active test plant protection method in a nuclear 

10 power plant comprises a first step of generating , in a test generating computer (TGC), a test 
input for self-diagnosis, said test input being a command to initiate a test inserted between 
actual safety parameters as a test parameter and a test signal position bit indicating that said 
test input is currently generated at what po sition of the proces s parameters a position 
information of the test input ; a second step of receiving , in a trip algorithm computer 

1 5 (TAC), plant operating the safety parameters through said TGC from \4a a plurality of 

measuring channels which are physically and electrically isolated from each other and then 
comparing the measured operating safety parameters and a predetermined limit values by 
the safety parameters to determine a trip state of the safety parameters , if there is a test 
input in said first step; a third step of receiving , in a voting algorithm computer (VAC), trip 

20 signals from state of each of the plant operating safety parameters determined by said 

second step in each of the channels , determining whether a reactor has to be stopped or not 
a final state of each of the safety parameters and then outputting a signal to stop the reactor 
the result ; and a fourth step of expecting , in a pattern recognition computer (PRC), a signal 
pattern from the state of the reactor to be input from said VAC by using the test signal — 

25 position bit which is input through the VAC from the TGC , comparing the signal pattern by 
one to one with the reactor trip s ignal generated result determined by said third step, and 
then if the signal pattern and the reactor trip s ignal result are not consistent, determining to 
step trip the reactor. 
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Further, in a recording medium readable by a computer and on which a 
program is recorded, the program executes a first step of generating , in a test generating 
computer (TGC), a test input for self-diagnosis, said test input being a command to initiate 
a-4esf inserted between actual safety parameters as a test parameter and a test signal 
5 position bit indicating that said test input is currently generated at what position of the 

process parameters a position information of the test input ; a second step of receiving , in a 
trip algorithm computer (TAC), plant operating safety parameters through said TGC from — 
\4a a plurality of measuring channels which are physically and electrically isolated each 
other and then comparing the measured operating safety parameters and a predetermined 

10 limit values setpoints by the safety parameters to determine a trip state of the safety 
parameters , if there is a test input in said first step; a third step of receiving , in a voting 
algorithm computer (VAC), the trip signals from state of each of the plant operating safety 
parameters determined by said second step in each of the channels , determining whether a 
reactor has to be stopped or not a final state of each of the safety parameters and then 

15 outputting a signa l t o stop the reactor the result ; and a fourth step of expecting , in a pattern 
recognition computer (PRC), a signal pattern from the state of the reactor to be input from 
said VAC by using the test signal position bit which is input through the VAC from the 
TGC , comparing the signal pattern by one to one with the reactor trip signal generated 
result determined by said third step, and then if the signal pattern and the reactor trip s ignal 

20 result are not consistent, determining to s4ep trip the reactor. 

BRIEF DESCRIPTION OF THE DRAWINGS 
The aforementioned aspects and other features of the present invention will 
be explained in the following description, taken in conjunction with the accompanying 
drawings, wherein: 

25 Fig. 1 is a schematic view of a digital online active test - plant protection 

system (DOAT - PPS) at one channel according to one embodiment of the present 
invention; ami 
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Fig. 2 is a diagram illustrating the difference between a conventional digital 
plant protection system (DPPS) ? a dynamic safety system (DSS) and the DOAT- 

PPS according to one embodiment of the present invention ; and 

Fig. 3 is a functional schematic diagram of a prior art dynamic safety system 
5 (DSS) as used in comparison in Fig. 2 . 



A digital online active test - plant protection system (hereinafter called 
"DOAT-PPS") according to one embodiment of the present invention will be described in 
detail with reference to accompanying drawings. 



of the present invention. First, the major components of the DOAT-PPS includes a test 
generating computer (TGC) 1 10 for generating test a test input , a trip algorithm computer 
(TAC) 1 20 for receiving a s afety safety parameter signal to compare and for comparing it 
with a trip set value setpoint. and to generate a trip signal state , a voting algorithm 

1 5 computer (VAC) 1 30 for receiving trip signals from other channels state determined by 
TAC in each of the channels to perform a logic, a pattern recognition computer (PRC) 140 
for generating a rector trip signal, a manual test computer (MTC) 150 for providing an 
input and output function by which an operator can monitor and control input/output 
signals from the TGC 1 JO, the TAC 120, the VAC 130 and the PRC 140, and a remote 

20 control module (RCM) 160 installed at a main control panel, for displaying the operating 
state of the system and for performing various functions necessary to monitor the test and 
maintain the system. Each of the TGC 110, the TAC 120, the VAC 130, and the PRC 140 
includes a processor module PM. a communications module CM. a digital input module DI 
and a digital output module DO. At least the TGC 1 10 also includes an analog input 

25 module AI. 



DETAILED DESCRIPTION OF THE INVENTION 



10 



Fig. 1 is a schematic view of the DOAT-PPS according to one embodiment 
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The DOAT-PPS according to one embodiment of the present invention is 
composed of four independent few measuring channels ( A . B, C an d D) like a 
conventional DSS (see e.g.. Prior Art Fig. 3) . 

The reactor trip signal is generated when more than two measuring channels 
5 among the four measuring channels, that are physically and electrically isolated, surpass a 
predetermined trip set value. At this time, the trip set value is a value predetermined for 
the reactor operating safety parameters. If the trip set value is surpassed, it means the state 
of the reactor is unstable, which will be explained in detail hereinafter explained later . 

In other words, the function of the reactor protection system is to minimize 
10 the possibility that radioactivity can be leaked from to surrounding environments by 
stop p in g tripping the reactor, when the nuclear power plant is entered into an abnormal 
state out of a normal operating state. The reactor protection system receives signals from 
the reactor and other components to generate a trip signal using trip logic when they get out 
of normal operation conditions. 
15 The signals inputted into the four independent channels are inputted to the 

TAC 120 via the TGC 1 10. Here, the TGC 1 10 is an integral portion of a digital online 
active test according to the present invention, which generates a test input and a test signal 
position bit. 

At this time, the test input is a command to start the test. Also, the test 
20 signal position bit assists the function of the test input generated at the TGC 1 10 and also 
functions to inform that the test input is generated at what position of the process safety 
parameters. In other words, the DOAT-PPS automatically continuously performs an active 
test and generates a test input to determine whether respective components are stable or not 
by replacing an actual input. Therefore, knowing where the test input is located is a very 
25 important factor and the test signal position bit functions to inform this position to entire 
components. Also, a diagnosis for each of the TAC 120, the VAC 130 and the PRC 140 
can be made in real time using the test signal position bit. 
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The TAC ] 20 generates a self diagnosis test signal determines the trip state 
of each of the safety parameters and uses the test signal to transmit forwards the trip signal 
state to the VAC 130. That is, the reactor trip signal state determined by the TAC 120 in 
one each channel enters the VACs 130 in the four channels as an input signal, and the VAC 
5 1 30 determines whether th e r e actor ha s stopped or not a final state of each of the safety 
parameters by means of an adequate select voting logic (generally 2/4 logic). The voting 
logic is a desired or specified item that is selected at the time of constructing a nuclear 
power plant . 

Meanwhile, the PRC 140 expects a signal pattern from a current state of the 
10 reactor to be inputted from the VAC and then compares it on a one to one basis with the 
reacto r final trip signal state generated determined by the VAC 1 30. As a result of the 
comparison, if they do not match, the PRC 140 determines that the reactor step should be 
stopped tripped and transmits it to respective initiation logics. 

Also, the MTC 150 provides an input and output function by which an 
1 5 operator can monitor and control input/output signals from the TGC 1 10, the TAC 1 20, the 
VAC 130 and the PRC 140. 

In addition, the RCM 160, which is installed at a main control panel, 
displays the operating system of the system and performs various functions necessary for 
monitoring and maintenance of the system. 
20 Each of the components of will be below explained in more detail. 

First, the TGC 1 10 is a core portion of a digital online active test according 
to the present invention and generates a test input and a test signal position bit, which 
initiates a test automatically. 

If the test is automatically initiated, the TAC 120 TGC 1 10 receives plant 
25 operation safety parameters as an input signal from an environment neutron flux 
monitoring system (ENFMS), a remote step shutdown panel and a core protection 
calculation calculator system (CPCS) via an analog input module AI or a digital input 
module DI. 
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Also, the The TAC 120 contains a sfap trip algorithm and performs the two 
following functions- 
First, it determines whether the reactor has to be st opped tripped or not 
using the sfap trip algorithm. 
5 Second, it controls the TGC 1 10. The TGC 1 10 generates a test input 

making respective opera ti ng safety parameters into reactor ^fep trip states depending on the 
step trip algorithm. The test input is actually inserted between actual plant signals safety 
parameters as a test parameter for testing . The initiation software of the TAC 120 
compares the measured operating safety parameters va lu es and the predetermined limit 

JO value setpoint by the safety parameters to determine a trip state using the trip algorithm. 
The trip signal state is transmitted to the VAC 130 via a programmable logic control 
controller (PLC) digital output module. That is, the TAC 120 generates a test signal for 
self diagnosis determines a trip state of all of the safety parameters by means of the trip 
logic and transmits the trip signal state to the VAC 1 30 using the test signal . 

15 In the embodiment of the present invention, if the TAC 120 is implemented 

using PLC, it includes i s consisted of a central process module, a power supply module, an 
analog input module, a digital input module and a digital output module. 

Meanwhile, the plant stop operating safety parameters, which are applied to 
the input terminal of the TAC 120, are as follows. 

20 First, it is a variable over power trip. The change ratio of the neutron flux 

level is increased over a program set value setpoint or the neutron flux reaches a 
predetermined maximum value, the reactor is stopped tripped . There is a difference of 
about 15% between the output and the trip set value setpoint . If the output of the reactor is 
increased, the trip set value setpoint is also decreased to maintain the range of 13.6%. If 

25 the output of the reactor is reduced, the trip set value setpoint is maintained at 13.6%. As 
the maximum increased ratio of the trip set value setpoint is 14.6%/min, however, if the 
output of the reactor is increased over the maximum, a trip of the reactor is occurred. The 
purpose of this trip function is to assist the engineering engineered safety equipment 
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operating features actuation system for in mitigating the result of an accident when a 
control rod is extracted. 

Second, it is a high logarithmic power level trip. The high logarithmic 
power level trip is initiated in order to step trip the reactor when a predetermined neutron 
5 flux output reaches a predetermined maximum value. The purpose of this trip is to secure 
safety of a cloth and a reactor coolant pressure boundary when accidents such as dilution of 
boric acid or extraction of an uncontrollable control rod are occurred. 

Third, it is a high local power density trip. When a core maximum output 
density is locally over a specific value, the reactor is s t opped tripped . This is caused by 

10 generation of a trip signal in the core protection calculator. The input signal used in the trip 
signal is an output, the location of the control rod, the temperature, pressure and flow rate 
of the reactor coolant, etc. The purpose of this trip function is so that the local output 
power density does not surpass the design limit value upon medium frequency and rare 
frequency accidents. The local output density is calculated in the core protection calculator 

15 using the output of a neutron flux and the distribution of a radial-directional output, the 
output of a radial-direction tip by the measurement of the location of respective rods, and 
the temperature of the reactor coolant and the output between the temperatures by 
measurement of the flow rate. The local power density reactor stop trip parameters 
calculated by the core protection calculator (CPC) are ones that considered an error and a 

20 dynamic compensation. This ensures that the tip value of the core local output power 

density does not surpass the limit value of the local output power density safety limit value 
after the reactor is stopped tripped when the core local output power trip tip value is 
actually sufficiently lower than the nuclear fuel design limit value. The dynamic 
compensation considers the transfer delay of the core fuel center temperature (related to 

25 variations of the output power density), delay time of the detector and time delay effect of 
the protection system. A method of calculating an error of the core protection calculator 
related to the tip local power density is same to the method used in Departure From 
Nucleate Boiling Ratio (DNBR) calculation, wherein the DNBR is a physical amount 
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indicating that a cooling wa ter f o r cooling a nuclear fuel rod coolant within the reactor is 
boiled to generate bubbles. 

Fourth, it is a low Departure From Nucleate Boiling Ratio trip. If the NBR 
reaches a predetermined minimum value, the reactor will be stopped tripped . That is, it 
5 assists the engin e ering engineered safety equipment operating features actuation system for 
mitigating the result when the reactor coolant pump is out of order or the v ap or steam 
generator is leaked. The NBR may be calculated in the core protection calculator using the 
neutron flux output and the axial-directional eufptH power distribution by the neutron 
detector in the reactor, the radial-direction tip output by measurement measuring of the 

10 locations of each of the control rods, the output between the temperatures by measurement 
measuring ef the temperature and the flow rate of the reactor coolant, the pressure of the 
coolant system by measurement measuring ef-the pressure of the pressurizer, the flow rate 
of the coolant by the speed of the reactor coolant pump and the core inlet temperature by 
measurement measuring ef the reactor coolant low temperature tube cold leg temperature . 

15 In this case, considering the delay of the detector and the processing time and inaccuracy, a 
trip is generated before the NBR surpasses the safety limit value setpoint . Also, the 
calculation method uses a DNBR calculation method, which ensures that the reactor can be 
stopped tripped in a state that the calculated DNBR is sufficiently higher than 1 .30 so that 
it does not override the DNBR safety limit value even though the core DNBR value is 

20 reduced. The dynamic compensation indicates the transfer delay of the coolant, the 
thermal delay of the core (related to the core output variations), the time delay of the 
detector, the time delay of the protection system, etc. The error of the core protection 
calculator related to the DNBR calculation includes an input measurement error of the core 
protection calculator, a calculation equation modeling error and a computer process error. 

25 The DNBR calculation equation used in the core protection calculator is effective within 
the predetermined limit value. Therefore, if the core protection calculator is operated out 
of the limit value, it generates a DNBR/LPD trip signal. 
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Fifth, it is a high pressurizer pressure trip. This trip is to secure a safety of 
the reactor coolant pressure boundary when the medium frequency and the rare frequency, 
which could be over- pressured pressurized , are have occurred. If the pressure of the 
pressurizer is over the set value, the reactor trip is occurred occurs and extraction of the 
5 control rod is prohibited. 

Sixth, it is a low pressurizer pressure trip. This trip assists the NBR trip, 
prevents accessing the safety limit value set point ands assists the engineering engineered 
safety equipment features actuation system when an accident such as loss of the coolant 
accident (LOCA) is occurred occurs . When the plant is stopped or cooled, it allows the 
10 operator to manually decrease the set value setpoint . If the pressure is increased, the set 
value setpoint is increased with a given difference. 

Seventh, it is a low steam generator level trip. This trip prevents that the 
reactor from becoming is pressurized due to the absence of a thermal removal source such 
as loss of a water supply. That is, when the water level of the steam generator is reduced, a 
15 protection action is taken to ensure a time sufficient to operate the assistant water supply 
pump for removing remaining heat. 

Eighth, it is a high steam generator level trip. This trip prevents moisture 
from a steam generator from entering the turbine, thus preventing damage ef to the 
equipment. That is, if the level of each of the steam generators surpasses the set value, a 
20 trip of the reacto r occurs is occurred . 

Ninth, it is a low steam generator pressure trip. This trip assists the 
engineering engineered safety equipment features actuation system in order to prevent the 
reactor coolant from cooling when a steam tube is disrupted. 

Tenth, it is a low reactor coolant flow rate trip. This trip senses the pressure 
25 difference between the front and the rear stairs in the first side of the steam generator. 
Thus, if this pressure difference falls by a significant ratio or under a predetermined 
minimum value, a trip of the reactor occurs is occurred . 
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Eleventh, it is a high containment pressure trip. This trip sets the pressure of 
the container not [[*]] to surpass the design pressure when accidents such as loss of a design 
standard coolant or damage of a main steam tube within the containment occur are 
occurred . That is, if the pressure within the containment reaches the set value setpoint , a 
5 trip signal of the reactor occurs i s occurred . 

Twelfth, it is a manual reactor trip. This trip provides a means for tripping 
the reactor in the main control room. Also, it is made possible in the reactor trip switching 
gear. 

The VAC 130 receives the trip signals state of respective safety parameters 

10 determined by the TAC 120 and a trip channel bypass signal related to it. At this time, it is 
operated depending on a confirm algorithm by which only one channel can be bypassed at 
a time. Here, the trip channel bypass means that when one of the four channels could not 
be operated by an accident, it functions to remove that channel. 

In the present embodiment, if signals from more than two channels of the 

15 four measuring channels indicate trip states, trip signals are outputted to corresponding 
safety parameters. If the trip channel bypass exists, more than two of the three trip signals 
that are not bypassed indicate trip states , a trip signal is outputted to make a trip signal . 
Also, it receives position information of the test trip input signal for self-diagnosis 
generated by the TAC 120 TGC 110 and then outputs forwards it to the PRC 140. 

20 The RPC 140 receives the trip signal state of each of the safety parameters 

determined by the VAC 130 and the position information of the test trip signal input for 
self-diagnosis through the VAC from the TGC . As the The trip state generated in the 
safety parameters corresponding to the test trip position input means that the system is 
normal, it does not generate and thus a reactor trip signal is not generated . When the-trip 

25 state of the safety parameters not corresponding to the test trip position input and th e safety 
parameters of the test trip location are is normally received, however, a reactor trip signal is 
generated. 
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Referring now to Fig. 2. the difference between the conventional digital 
plant protection system (DPPS), a dynamic safety system (DSS) and the DOAT-PPS 
according to one embodiment of the present invention will be in detail explained in detail 
below. 

5 Though all of the three systems are similar since they are based on a 

software-based digital system, the two systems are different from the DOAT-PPS in 
several detailed points. 

First, examining a control scheme, all of the systems are a software based 
digital system. Examining major apparatuses, the DSS adopts a board controller scheme 
10 but the DPPS and the DOAT-PPS employ a PLL scheme. 

Also, all of the three systems perform functions based on the software and 
have the number of four measuring channels. In view of a test method, the DPPS must be 
directly initiated by an operator but the DSS and the DOAT-PPS are automatically initiated. 

Further, examining a system interface scheme, the DPPS uses an interface & 
15 test processor (ITP) scheme but the DSS does not have a specified scheme and the DOAT- 
PPS is performed in the MTC. 

Also, in the test input generation algorithm, the DPPS adopts a predefined 
scenario algorithm, the DSS adopts a fixed test input algorithm and the DOAT-PPS adopts 
an intelligent test input generating algorithm and an input signal position bit algorithm. 
20 Also, examining the online diagnostic monitoring section, the DPPS and the 

DSS adopt a partial diagnostic monitoring scheme but the DOAT-PPS adopts a diagnosis 
monitor scheme for all the components. 

The present invention has been described with reference to a particular 
embodiment in connection with a particular application. Those having ordinary skill in the 
25 art and access to the teachings of the present invention will recognize additional 
modifications and applications within the scope thereof. 

It is therefore intended by the appended claims to cover any and all such 
applications, modifications, and embodiments within the scope of the present invention. 
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As mentioned above, the present invention has outstanding advantages that 
it can design an intelligent test system capable of monitoring the stale of all the 
components as well as all types of errors and it can improve the use and the maintenance. 
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ABSTRACT OF THE DISCLOSURE 
There is disclosed an improved digital softwar e based reactor protection 
system a nd an engineered safety feature actuation s ystem. A digital onJine active test - 
plant protection system in a nuclear power plant according to the p resent invention 
comprises a test generating computer (TGG) for generating a test input being a command to 
initiate a test inserted between actual safety parameters as a test parameter and a test signal 
position bit indicating that the test input is currently generated a t w h a t position of the 
proces s parameters position information of the test input ; a trip algorithm computer (TAC) 
for receiving plant operating safety parameters from via a plurality of measuring channels 
physically and electrically isolated and then comparing the measured operating safety 
parameters and a predetermined limit values by the safety parameters to determine a trip 
state, if there is a test input by the TGC ; a voting algorithm computer (VAC) for receiving 
a trip signals from state of each of the plant operating safety parameters determined by the 
TA€ ? determining whether a reactor has to be stopped or not a final state of the safety 
parameters and then outputting a signal to stop the reactor the result ; and a pattern 
recognition computer £PRG) for expecting a signal pattern from the state of the reactor , 
comparing the signal pattern with the reactor trip signal generated result determined by the 
VAC , and then if the signal pattern and the reactor trip signal result are not consistent, 
determining to step trip the reactor. 
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